Hacking and fake news cast shadows over German election

Germany faces up to the threat of targeted cyberattacks ahead of September’s federal vote

The Chancellery, Berlin. Germany is to hold federal elections on September 24th. Photograph: Sean Gallup/Getty Images

The Bundestag break-in occurred in May 2015, without a window being smashed. The intruders to the German parliament were not looking for anything tangible, nor were they even in Berlin. They wanted data and they got it: an estimated 16 gigabytes worth.

This was no random smash-and-grab: the hackers sorted carefully through hard drives and made copies only of recently-created Microsoft Word documents. So thorough was their penetration of the German parliament’s computer network that, for fear they had left spy software on the network, everything had to be taken apart, software reinstalled and rebooted and, in some cases, hardware replaced.

No one knows for sure what was lifted out of the Bundestag IT network, but technical staff can say one thing: one of 14 computers hacked was in the Bundestag office of German chancellor Angela Merkel.

Using that computer, the hackers sent an email out to members of her Christian Democratic Union (CDU), supposedly about a telephone conference. Anyone who clicked the link in the mail – naive enough to think the CDU leader writes her own messages – infected their computer with a virus. But to what end?

Ahead of the September 24th federal election, German intelligence agencies hope for the best but are planning for the worst.

German domestic intelligence director Hans-Georg Maassen has warned that “disinformation campaigns” from Russia are as likely as Moscow involvement in the 2015 Bundestag attack, and another one that took place a year later. But he concedes it is “almost impossible . . . to find irrefutable evidence”.

During their investigation after the 2015 attack, German IT specialists found computer code with traces of the Russian hacker collective APT28, linked to the US Democratic Party hack.

But, as any tech specialist will tell you, it is almost impossible to pin a hack attack on any group, particularly as many groups now co-opt each others’ signature code to leave false trails.

‘Abducted’

Cyberttacks are not the only shadow over this month’s election. Everyone in Germany remembers the case of Lisa, a 13-year-old Russian-German girl who disappeared from her home in January 2016. When she reappeared 30 hours later she said she had been abducted and raped by a group of “southern” migrants.

By tracking her mobile phone data it emerged that the girl had spent the night at a friend’s house. As for the rape claims, two men were convicted of sex with a minor but police believe they had contact with the girl over a longer period. Despite this, the rape of “our Lisa” dominated Russian news for days, Russia’s foreign minister got involved and Russian-Germans held protests outside the chancellery.

With Germany’s refugee crisis still bubbling under the surface, and several real, horrific cases of asylum-seeker violence against German women, how difficult would it be to stir up opinion with a fake story?

Ahead of the election, Correktiv has noted a spike in the western Ruhr area of hyperlocal social media fake reports about rapist refugees.

“And we can also see the Russian-German minority are being bombarded with fake news on social media,” said David Shraven, of Correktiv.

About 2.4 million Russians moved to Germany in the post-war years and have traditionally voted for Merkel’s ruling CDU.

The CDU now sees a co-ordinated effort to push Russian-Germans over to the far-right Alternative für Deutschland (AfD) and is pointing the finger at Russian president Vladimir Putin and his administration.

“Ousting Merkel would be a success for Putin,” said Michael Grosse-Bömer, CDU parliamentary secretary, describing a more pro-Russian coalition – of Social Democrats (SPD), Greens and post-communist Left party – as Putin’s “dream”.

Plausible

German political analysts say it is plausible, given their long history and mutual antipathy, that Putin would target Merkel ahead of, during or after the election.

Before a recent US Senate committee, Constanze Stelzenmüller, a German analyst at Washington’s Brookings Institution, testified that “humbling Merkel would be a victory over Europe, and the West” for the Russian leader.

On a trip to Berlin, she pointed out how the impact of Russia’s interference is “hit and miss, often miss”.

“It’s more difficult because there has been so much debate about Russian interference that, for them, the price and cost have gone up,” said Stelzenmüller. And even without direct hacking evidence, she says, Moscow’s interference is “blatantly obvious”.

“Russian propaganda is aimed at us, peddling a certain narrative and that narrative is being taken up here and spread,” she said.

As election day approaches, Germany is cranking up its cybersecurity with rapid reaction forces in the intelligence services and even a new cyberdivision set up in the army alongside ground forces, the marines and air force.

Software manipulation

Germany’s federal office for information security (BSI) believes the paper ballot is secure, with limited hacking potential, but what about the software used to collate the results? A 29-year-old hacker from Darmstadt has just announced a successful manipulation of the results software, efforts confirmed by one of Germany’s leading hacker groups.

The federal election office plays down this risk, insisting its computers operate on its digital network, parallel to the internet.

After election hacks in the US and France, is Germany next? Probably, say experts.

But BSI director Arne Schönbohm already has his eyes on the time after September 24th, seeing potential to sow doubts about the election’s legitimacy by “spreading false rumours about irregularities”.

He told Der Spiegel magazine that security preparations for the looming German election were like getting ready for the the Olympic Games.

“You prepare thoroughly and train intensively,” he said, “and you can do no more than that.”

We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.